chromedriver-102.0.5005.61-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12109-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-102.0.5005.61-1.1 on GA media These are all security issues fixed in the chromedriver-102.0.5005.61-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12109 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-1853/ SUSE CVE CVE-2022-1853 page https://www.suse.com/security/cve/CVE-2022-1854/ SUSE CVE CVE-2022-1854 page https://www.suse.com/security/cve/CVE-2022-1855/ SUSE CVE CVE-2022-1855 page https://www.suse.com/security/cve/CVE-2022-1856/ SUSE CVE CVE-2022-1856 page https://www.suse.com/security/cve/CVE-2022-1857/ SUSE CVE CVE-2022-1857 page https://www.suse.com/security/cve/CVE-2022-1858/ SUSE CVE CVE-2022-1858 page https://www.suse.com/security/cve/CVE-2022-1859/ SUSE CVE CVE-2022-1859 page https://www.suse.com/security/cve/CVE-2022-1860/ SUSE CVE CVE-2022-1860 page https://www.suse.com/security/cve/CVE-2022-1861/ SUSE CVE CVE-2022-1861 page https://www.suse.com/security/cve/CVE-2022-1862/ SUSE CVE CVE-2022-1862 page https://www.suse.com/security/cve/CVE-2022-1863/ SUSE CVE CVE-2022-1863 page https://www.suse.com/security/cve/CVE-2022-1864/ SUSE CVE CVE-2022-1864 page https://www.suse.com/security/cve/CVE-2022-1865/ SUSE CVE CVE-2022-1865 page https://www.suse.com/security/cve/CVE-2022-1866/ SUSE CVE CVE-2022-1866 page https://www.suse.com/security/cve/CVE-2022-1867/ SUSE CVE CVE-2022-1867 page https://www.suse.com/security/cve/CVE-2022-1868/ SUSE CVE CVE-2022-1868 page https://www.suse.com/security/cve/CVE-2022-1869/ SUSE CVE CVE-2022-1869 page https://www.suse.com/security/cve/CVE-2022-1870/ SUSE CVE CVE-2022-1870 page https://www.suse.com/security/cve/CVE-2022-1871/ SUSE CVE CVE-2022-1871 page https://www.suse.com/security/cve/CVE-2022-1872/ SUSE CVE CVE-2022-1872 page https://www.suse.com/security/cve/CVE-2022-1873/ SUSE CVE CVE-2022-1873 page https://www.suse.com/security/cve/CVE-2022-1874/ SUSE CVE CVE-2022-1874 page https://www.suse.com/security/cve/CVE-2022-1875/ SUSE CVE CVE-2022-1875 page https://www.suse.com/security/cve/CVE-2022-1876/ SUSE CVE CVE-2022-1876 page openSUSE Tumbleweed chromedriver-102.0.5005.61-1.1 chromium-102.0.5005.61-1.1 chromedriver-102.0.5005.61-1.1 as a component of openSUSE Tumbleweed chromium-102.0.5005.61-1.1 as a component of openSUSE Tumbleweed Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-1853 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1853.html CVE-2022-1853 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1854 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1854.html CVE-2022-1854 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1855 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1855.html CVE-2022-1855 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. CVE-2022-1856 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1856.html CVE-2022-1856 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. CVE-2022-1857 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1857.html CVE-2022-1857 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. CVE-2022-1858 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1858.html CVE-2022-1858 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1859 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1859.html CVE-2022-1859 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. CVE-2022-1860 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1860.html CVE-2022-1860 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. CVE-2022-1861 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1861.html CVE-2022-1861 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. CVE-2022-1862 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1862.html CVE-2022-1862 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. CVE-2022-1863 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1863.html CVE-2022-1863 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. CVE-2022-1864 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1864.html CVE-2022-1864 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. CVE-2022-1865 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1865.html CVE-2022-1865 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. CVE-2022-1866 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1866.html CVE-2022-1866 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. CVE-2022-1867 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1867.html CVE-2022-1867 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. CVE-2022-1868 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1868.html CVE-2022-1868 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1869 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1869.html CVE-2022-1869 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2022-1870 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1870.html CVE-2022-1870 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. CVE-2022-1871 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1871.html CVE-2022-1871 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. CVE-2022-1872 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1872.html CVE-2022-1872 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-1873 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1873.html CVE-2022-1873 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. CVE-2022-1874 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1874.html CVE-2022-1874 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-1875 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1875.html CVE-2022-1875 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1876 openSUSE Tumbleweed:chromedriver-102.0.5005.61-1.1 openSUSE Tumbleweed:chromium-102.0.5005.61-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1876.html CVE-2022-1876 https://bugzilla.suse.com/1199893 SUSE Bug 1199893